...

author: Gregor Kleen <gkleen@yggdrasil.li> 2022-11-07 20:51:39 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2022-11-07 20:51:39 +0100
commit: 0e9f1e85cd8c6f9d546ef88e971043b909017170 (patch)
tree: 5cb4d14df7594ef123f20d82cb2ec423b6bca744 /shell.nix
parent: f563ddece04adfd8d80d4e984405f5c70a6c94f3 (diff)
download: nixos-0e9f1e85cd8c6f9d546ef88e971043b909017170.tar
nixos-0e9f1e85cd8c6f9d546ef88e971043b909017170.tar.gz
nixos-0e9f1e85cd8c6f9d546ef88e971043b909017170.tar.bz2
nixos-0e9f1e85cd8c6f9d546ef88e971043b909017170.tar.xz
nixos-0e9f1e85cd8c6f9d546ef88e971043b909017170.zip
1 files changed, 28 insertions, 7 deletions
diff --git a/shell.nix b/shell.nix
index 6ada761e..14125d02 100644
--- a/shell.nix
+++ b/shell.nix
@@ -1,8 +1,29 @@
-{ pkgs ? import <nixpkgs> {}, deploy-rs, nvfetcher }:
+{ system, self, deploy-rs, nvfetcher, mach-nix, leapseconds, ... }:
 let
-  tai64dec = pkgs.writeShellScriptBin "tai64dec" ''
+  pkgs = self.legacyPackages.${system};
-    echo $((16#$(${pkgs.daemontools}/bin/tai64n <<<"" | ${pkgs.coreutils}/bin/tail -c +2 | ${pkgs.coreutils}/bin/head -c 16)))
-  '';
+  ca = mach-nix.lib.${system}.buildPythonPackage {
+    pname = "ca";
+    src = ./tools/ca;
+    version = "0.0.0";
+    ignoreDataOutdated = true;
+    requirements = ''
+      cryptography >=38.0.0
+      fqdn
+      atomicwrites
+      leapseconddata
+      xkcdpass
+    '';
+    _.cryptography.buildInputs = with pkgs; [ openssl ];
+    postInstall = ''
+      wrapProgram $out/bin/ca \
+        --set-default LEAPSECONDS_FILE ${leapseconds} \
+        --prefix PATH : ${pkgs.lib.makeBinPath (with pkgs; [sops])}
+    '';
+  };
 in pkgs.mkShell {
  name = "nixos";
  nativeBuildInputs = with pkgs; [
@@ -10,10 +31,10 @@ in pkgs.mkShell {
    wireguard-tools
    gup
    nftables
-    deploy-rs
+    deploy-rs.packages.${system}.deploy-rs
-    tai64dec
    knot-dns
    yq
-    nvfetcher
+    nvfetcher.defaultPackage.${system}
+    ca
  ];
 }
author	Gregor Kleen <gkleen@yggdrasil.li>	2022-11-07 20:51:39 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2022-11-07 20:51:39 +0100
commit	0e9f1e85cd8c6f9d546ef88e971043b909017170 (patch)
tree	5cb4d14df7594ef123f20d82cb2ec423b6bca744 /shell.nix
parent	f563ddece04adfd8d80d4e984405f5c70a6c94f3 (diff)
download	nixos-0e9f1e85cd8c6f9d546ef88e971043b909017170.tar nixos-0e9f1e85cd8c6f9d546ef88e971043b909017170.tar.gz nixos-0e9f1e85cd8c6f9d546ef88e971043b909017170.tar.bz2 nixos-0e9f1e85cd8c6f9d546ef88e971043b909017170.tar.xz nixos-0e9f1e85cd8c6f9d546ef88e971043b909017170.zip

diff --git a/shell.nix b/shell.nix index 6ada761e..14125d02 100644 --- a/shell.nix +++ b/shell.nix
@@ -1,8 +1,29 @@
1	{ pkgs ? import <nixpkgs> {}, deploy-rs, nvfetcher }:	1	{ system, self, deploy-rs, nvfetcher, mach-nix, leapseconds, ... }:
2	let	2	let
3	tai64dec = pkgs.writeShellScriptBin "tai64dec" ''	3	pkgs = self.legacyPackages.${system};
4	echo $((16#$(${pkgs.daemontools}/bin/tai64n <<<"" \| ${pkgs.coreutils}/bin/tail -c +2 \| ${pkgs.coreutils}/bin/head -c 16)))	4
5	'';	5	ca = mach-nix.lib.${system}.buildPythonPackage {
		6	pname = "ca";
		7	src = ./tools/ca;
		8	version = "0.0.0";
		9	ignoreDataOutdated = true;
		10
		11	requirements = ''
		12	cryptography >=38.0.0
		13	fqdn
		14	atomicwrites
		15	leapseconddata
		16	xkcdpass
		17	'';
		18
		19	_.cryptography.buildInputs = with pkgs; [ openssl ];
		20
		21	postInstall = ''
		22	wrapProgram $out/bin/ca \
		23	--set-default LEAPSECONDS_FILE ${leapseconds} \
		24	--prefix PATH : ${pkgs.lib.makeBinPath (with pkgs; [sops])}
		25	'';
		26	};
6	in pkgs.mkShell {	27	in pkgs.mkShell {
7	name = "nixos";	28	name = "nixos";
8	nativeBuildInputs = with pkgs; [	29	nativeBuildInputs = with pkgs; [
@@ -10,10 +31,10 @@ in pkgs.mkShell {
10	wireguard-tools	31	wireguard-tools
11	gup	32	gup
12	nftables	33	nftables
13	deploy-rs	34	deploy-rs.packages.${system}.deploy-rs
14	tai64dec
15	knot-dns	35	knot-dns
16	yq	36	yq
17	nvfetcher	37	nvfetcher.defaultPackage.${system}
		38	ca
18	];	39	];
19	}	40	}